Ethereal-dev: Re: [ethereal-dev] problems with sniffer save, need info on adding info to NCP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: James Coe <jammer@xxxxxxx>
Date: Mon, 13 Dec 1999 14:35:35 -0600
"Neulinger, Nathan R." wrote:

> I was unable to open the saved capture from ethereal (latest cvs) with
> sniffer pro. It claims it is an unsupported file format.
>
> As a note, sniffer pro seems to come with a bunch of different traces that
> have a LOT of weird stuff in them. I've been looking at them with ethereal
> to see what sort of stuff is in there, but haven't started writing any
> updates
>
> It looks like there are a number of NCP functions that ethereal doesn't
> identify, for example:
>
> create-service-connect    00/02    create a service connection
> service-request         17/3d   read property value request
> destroy-conn            24/00   destroy connection
>
> I don't necessarily want to add all the dissectors for those, but since I
> have the information, I'd be happy to put in labels for the various function
> codes if someone could explain how. (I'm not sure on that ncp2222 structure
> what should be put in.)
>
> This particular trace also has a "IBMNM: trace tool present" dsap packet
> will lots of stuff in it, that may be worth breaking out.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nneul@xxxxxxx
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216

Novell maintains a NetWare Core Protocol reference on their developer Web site,
but using it to develop the dissector module might create a copyright conflict
with the GPL. However possibly the mars_nwe server emulator could be used to
figure out some of this. It was engineered without using the NCP reference.

I analyzed the coding for the ncp structures  when I added the NCP over IP
patch to the packet-ncp. There are three places to add code for identifying NCP
stuff in it.

enum nfamily {
                NCP_UNKNOWN_SERVICE,            /* unknown or n/a */
... contains the family information. There are other families which should be
added.

static svc_record ncp_17_7C_C[] = {
                { nbelong,      4,      "The queue the job resides in" },
                { nbeshort,     2,      "Job Type" },
                { nend,         0,      NULL }
};
..... service records for dissecting functions.

static ncp2222_record ncp2222[] = {
{ 0x17, 0x35, SUBFUNC, "Get Bindery Object ID",
        ncp_17_35_C, NULL, NCP_BINDERY_SERVICES
},

.... ncp2222 records that break out as follows:

{ function number, subfunction number (always 0 when NOSUB), SUBFUNC(tion) or
NOSUB(function), "description",
    svc_record for calls or NULL, svc_record for replies or NULL, function
family },

Jamie Coe.